CVE-2026-47899EPSS p3.4%

CVE-2026-47899CVE-2026-47899

Description

The Electron preload script in Logseq exposes an API method that allows the renderer process to invoke IPC handlers without proper path validation. An attacker with JavaScript execution in the renderer (e.g. via XSS or a malicious plugin), can read, write, or delete arbitrary files on the user's system. While only version v0.10.15 was tested and confirmed as vulnerable, status of other versions is unknown since this issue was not addressed by a patch.

Scoring

EPSS0.14% probability of exploitation · percentile 3.4% · 2026-06-19T12:03:05Z
Last modified2026-06-09

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE
CVE-2026-47901
CVE
CVE-2026-9279
CVE
CVE-2026-47900
CVE
CVE-2025-56683
CVE
CVE-2026-34765
CVE
CVE-2026-34769
Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.